bridge CA
A PKI consisting of only a CA that cross-certifies with CAs of some other PKIs. (See: cross-certification. Compare: bridge.)
Senses
(I)
A PKI consisting of only a CA that cross-certifies with CAs of some other PKIs. (See: cross-certification. Compare: bridge.)
Tutorial: A bridge CA functions as a hub that enables a certificate user in any of the PKIs that attach to the bridge, to validate certificates issued in the other attached PKIs.
For example, a bridge CA (BCA) CA1 could cross-certify with four ^ PKIs that have the roots CA1, | CA2, CA3, and CA4. The cross- v certificates that the roots CA2 <-> BCA <-> CA3 exchange with the BCA enable an ^ end entity EE1 certified under | under CA1 in PK1 to construct v a certification path needed to CA4 validate the certificate of end entity EE2 under CA2, CA1 -> BCA -> CA2 -> EE2 or vice versa. CA2 -> BCA -> CA1 -> EE1
- IETF RFC 4949 (Internet Security Glossary)Jan 06, 2026RFC 4949 — Internet Security Glossary (Version 2)https://www.rfc-editor.org/rfc/rfc4949.txtRFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse.Source: IETF RFC 4949 (rfc-editor.org).